CN103748826B - Method and apparatus for preventing data extraction by side-channel attack - Google Patents


Publication number
CN103748826B
Authority
CN
China
Prior art keywords
value
secret
virtual
data
virtual value
Prior art date
Legal status
Expired - Fee Related
Application number
CN201280041506.6A
Other languages
Chinese (zh)
Other versions
CN103748826A (en)
Inventor
哈伊姆·史诺
约纳坦·史洛摩维奇
鲁文·埃尔鲍姆
兹维·史克迪
利奥尔·阿玛瑞里奥
伊格尔·夏皮罗
乌里·贝尔
Current Assignee
Acano UK Ltd
Original Assignee
NDS Ltd
Application filed by NDS Ltd
Publication of CN103748826A
Application granted
Publication of CN103748826B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack

Abstract

A data transfer method includes receiving a control signal that triggers transfer of a secret value into an element (24) of a circuit (20). In response to the control signal, a virtual value (42, 50) and the secret value are inserted in succession into the element of the circuit.

Description

Method and apparatus for preventing data extraction by side-channel attack
Cross-Reference to Related Applications
This application claims the benefit of U.S. Provisional Patent Application 61/573,453, filed September 6, 2011, which is incorporated herein by reference.
Technical field
The present invention relates generally to data security, and specifically to protecting electronic devices, and the data stored in such devices, from unauthorized access.
Background
Various tools and methods are available for extracting information from an electronic device by sensing its internal signals. Attackers may use these tools and methods to gain unauthorized access to secret information in such devices. Device manufacturers, for their part, have developed techniques to thwart these attacks.
For example, Patent Application Publication 2005/0002523 describes an apparatus that is said to provide security against differential power analysis (DPA) attacks. The apparatus has a multiplexer with control inputs, data inputs and a data output, for through-connecting an encrypted data signal at one of the data inputs to the data output as an encryption-mapped output value. The encrypted data signals at the data inputs of the multiplexer are provided on the basis of a key. A control signal indicating the value to be mapped is applied to the control inputs of the multiplexer.
U.S. Patent 7,420,862 describes a data inversion device, which includes a differential amplifier having first and second input lines. A controller selectively and individually couples the first and second input lines to the differential amplifier and decouples them from it.
PCT International Publication WO2009/156881 describes a method of hindering detection of information unintentionally leaked from a secret held in a memory unit. The memory unit is in a non-operational state for at least a first amount of time; after the at least first amount of time, a condition under which the memory unit operates is changed, thereby causing the memory unit to enter an operational state. After waiting a second amount of time, at least a second condition under which the memory unit operates is changed, thereby causing the memory unit to enter the non-operational state. Access to the secret information is enabled only during the second amount of time, and detection of the unintentionally leaked secret information is limited during the first amount of time.
Patent Application Publication 2009/0262930 describes a method of inhibiting the disclosure of confidential information through power analysis attacks on processors in cryptographic systems. The method masks a cryptographic operation using a generator G. A secret value is generated, which may be combined with the generator G to form a secret generator. The secret value is divided into a plurality of parts. A random value is generated for association with the plurality of parts. The introduction of randomness is said to facilitate the introduction of noise into the algorithms used by cryptographic systems, so as to mask the secret value and provide protection against power analysis attacks.
Patent Application Publication 2001/0053220 describes cryptographic computations that use masking to prevent differential power analysis and other attacks. During operation of the device described in that publication, the tables used in the computation are updated periodically, preferably by introducing fresh entropy into the tables faster than information leaks out, so that an attacker cannot obtain the table contents by analysis of measurements.
Patent Application Publication 2007/0180541 describes a cryptographic architecture with instruction masking and other techniques for hindering differential power analysis. AES is interleaved with a random number of instructions so that the leaked information cannot be aligned in time and an attacker cannot break the encryption.
Summary of the invention
Embodiments of the present invention that are described below provide techniques that can be implemented in electronic circuits to protect secret data from unauthorized discovery.
There is therefore provided, in accordance with an embodiment of the present invention, a data transfer method, which includes receiving a control signal that triggers transfer of a secret value to an element of a circuit. In response to the control signal, a deterministic, non-constant virtual (dummy) value and the secret value are inserted in succession into the element of the circuit.
Inserting the virtual value and the secret value in succession may include inserting the virtual value into the element and then overwriting the virtual value with the secret value, and/or inserting the secret value into the element and then overwriting the secret value with the virtual value.
In a disclosed embodiment, the method includes asserting a data-valid signal after the secret value has been inserted into the element, wherein the data-valid signal is deasserted while the element holds the virtual value.
The virtual value may include a non-constant value, such as a random value or a succession of alternating bits. Alternatively, the virtual value may include the inverse of the secret value.
There is also provided, in accordance with an embodiment of the present invention, an electronic device, including a secret data source, which is configured to provide a secret value, and a virtual data generator, which is configured to generate a virtual value. A circuit element is configured to receive data values. A switching device is configured, in response to a control signal that triggers transfer of the secret value to the circuit element, to insert the virtual value from the virtual data generator and the secret value from the secret data source in succession into the circuit element.
The present invention will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings, in which:
Brief description of the drawings
Fig. 1 is a block diagram that schematically illustrates a circuit that uses virtual data for protection against side-channel attacks, in accordance with an embodiment of the present invention;
Figs. 2 to 4 are block diagrams that schematically illustrate virtual data generators, in accordance with embodiments of the present invention.
Detailed description of the invention
Various techniques have been developed to extract information from circuit elements in integrated circuit devices, such as registers, gates, buffers and switches. These techniques are sometimes used by unauthorized users to access secret information that is stored or generated within the device.
Some of these techniques involve "side channels", meaning that the secret information is extracted without making actual electrical contact with the conductors that carry the information. Side-channel techniques include, for example, non-invasive measurement of electrical signals by power analysis and measurement of the radiation emitted by circuit elements in the integrated circuit. These techniques take advantage of the fact that many circuit elements, such as CMOS elements, consume power (and may therefore also emit radiation) mainly during transitions of the logic element, i.e., while their value changes from 0 to 1 or from 1 to 0. This power consumption is the source of the side-channel signal.
Based on this principle, an attacker may measure the power consumption or the emitted radiation while causing a circuit element to cycle between a known state (such as all bits = 0, or a default value determined by reverse engineering) and the unknown state in which the element holds the secret value. Such attacks may be carried out by controlling software, by repeated resets, by applying power "glitches", and so on. As a result of these operations, side-channel signals are typically emitted from all the bits that change, because their secret value differs from the corresponding bit of the known value, while no signal (or only a very weak one) is emitted from the bits whose value does not change. Sensing these signals thus enables the attacker to infer the secret value by comparison with the known value.
The side-channel signals obtained by these techniques generally have an amplitude too low to be read reliably from a single measurement. The attacker therefore usually needs to repeat the measurement many times and integrate the results in order to collect a signal that is strong enough to be useful.
In the embodiments of the present invention that are described below, these side-channel attacks are thwarted by virtual values, which are generated dynamically within the circuit that may be under attack and are not available to the attacker. The circuit is arranged so that when a control signal is received that triggers transfer of the secret value to a certain element of the circuit, the virtual value and the secret value are inserted into the element in succession. The virtual value is typically inserted automatically by hard-wired logic, so that the attacker cannot readily reach or tamper with it. The virtual value is typically inserted before or after the secret value in rapid succession (i.e., within one or a few clock cycles).
Because a virtual value is inserted in succession with the secret value, each cycle in which the secret value is inserted into the circuit element involves two sets of bit transitions, including transitions between the virtual value and the secret value and vice versa. (Transitions between the virtual value and the secret value, or between the secret value and the virtual value, are referred to herein collectively as "masking transitions".) Because the virtual value is not known to the attacker, the power consumed in the masking transitions gives the attacker no useful information. When the attacker attempts to measure and integrate the side-channel signal over multiple cycles, the mixture of masking transitions over the cycles obscures any useful information that the attacker might extract, and thus thwarts the side-channel attack.
The virtual values used in embodiments of the present invention may be random, or they may be non-constant, deterministic values, so long as they are selected in a manner that an attacker cannot readily discover or predict. These values are called "virtual" because they are not actually required for the operation of the circuit. For example, the virtual value may be present in the circuit element only while the "data valid" signal is deasserted (meaning that the data in the element are treated as invalid by the other elements of the circuit), and is therefore not passed on to other circuit elements. On the other hand, in some embodiments the virtual value may be reused, for example as a random value in a subsequent cryptographic operation.
The techniques described herein may be used to mask the transitions caused by inserting a secret value into substantially any type of circuit element, including memory elements, such as registers and buffers, and logic elements, such as switches and gates. Different terms are commonly used in the art to denote data transfer operations to these elements, including "loading", "propagating", "switching", "reading" and so on. The term "inserting" is used in the context of the present specification and claims and, regardless of such differences in jargon, should be understood to cover all relevant types of data transfer.
Fig. 1 is a block diagram that schematically illustrates a circuit 20 that uses virtual data for protection against side-channel attacks, in accordance with an embodiment of the present invention. For clarity of presentation, circuit 20 is considerably simplified. In practice, embodiments of the present invention are typically incorporated in more complex circuits in which data security is a concern, such as, in particular, smart cards, disk-on-key devices, media players, communication devices and other equipment. Furthermore, although Fig. 1 shows, by way of illustration, only a single virtual data generator 28 feeding a single register 24 (as described below), similar arrangements may be used to insert virtual values into other types of circuit elements; the same virtual data generator may supply virtual data to multiple different elements of various types in the circuit. Alternatively or additionally, the circuit may include multiple virtual data generators feeding multiple different circuit elements.
In the embodiment shown, a secret data source 22 supplies secret data on demand to register 24, from which the data are subsequently read by logic 26. The secret data source may include, for example, a one-time programmable (OTP) memory that holds a unique secret key, or any other suitable type of secure memory. Alternatively, the secret data source may include any other circuit element that receives or computes secret values to be loaded into register 24. When register 24 receives a control signal indicating that the secret value is to be read into the register, a suitable switching device, such as multiplexer 30, is activated by a "select" signal to read in, in succession, the secret value from source 22 and the virtual value from virtual data generator 28. The control signal to register 24 may include, for example, assertion of a read-request line from logic 26, or a signal asserted by a controller or other processor (not shown). Multiplexer 30 may select the virtual value first and then the secret value, or vice versa, or virtual values may be read into register 24 both before and after the secret value. Alternatively, other types of switching devices may be used to load the virtual value and the secret value in succession.
As noted above, the virtual value and the secret value are read into register 24 in succession. The operation of the components involved is typically hard-wired, or hard-coded in a controller in the circuit logic, so that even if an attacker can cause circuit 20 from the outside to load the secret value repeatedly, every repetition is accompanied by loading of a virtual value. In this way the attacker is prevented from extracting useful side-channel information about the secret value. In some embodiments, virtual data generator 28 may be triggered to generate a new virtual value before each such loading operation, as shown in Fig. 1.
When register 24 has loaded the secret value and sufficient time has passed for the data in the register to settle, a "valid" signal to logic 26 is asserted, indicating that the data are available to be read from the register. To reduce the delay in transferring the secret value, the virtual value may be transferred to the register and held by it only while the register is in the invalid state, i.e., while the valid signal is deasserted. For example, multiplexer 30 may read the virtual value into register 24 briefly, immediately before reading in the secret value, so that the virtual value is overwritten before the register becomes valid. (So long as the virtual value is not used by subsequent circuit elements, it never needs to be stable in register 24.) Alternatively or additionally, the multiplexer may read the virtual value into the register after the secret value has been read out to logic 26. An attacker measuring the side-channel signals emitted from circuit 20 generally cannot sense whether the valid signal is asserted and therefore cannot distinguish between loading of the secret value and loading of the virtual value. Optionally, multiple different virtual values may be read into register 24 in succession each time the secret value is read in.
Virtual data generator 28 may implement any suitable type of data generation function, so long as the function makes the probability of a bit transition between the secret value and the virtual value high for any given bit and independent of the secret value of the given bit. A "high" probability means that over the number of repetitions of the loading operation that the attacker needs in order to collect a significant side-channel signal, all bits will undergo approximately the same number of transitions on average. Thus, in a typical scenario in which the side-channel measurement requires 1000 repetitions, a probability of 10% is sufficiently high. To defeat extremely sensitive side-channel measurements, the transition probability may be increased to 30%, or even to 50% (or more). Whether the transition of a given bit is upward (from 0 to 1) or downward (from 1 to 0) is largely unimportant, since the numbers of upward and downward transitions of any given bit tend to even out over multiple transitions from virtual value to secret value and from secret value to virtual value. Several example implementations of the virtual data generator are described below.
In alternative embodiments, the virtual values provided by virtual data generator 28 may be used in subsequent operations of circuit 20. For example, if the virtual values are random, logic 26 may read both them and the secret values from secret data source 22 and may use the random values in cryptographic operations, as is known in the art. The bit transitions between the secret value and the virtual value are no less effective in this case in masking the side-channel information.
Even when the virtual value is read into register 24 only while the register is in the invalid state, loading the virtual value and the secret value in succession still introduces extra delay into circuit 20. To avoid this delay in speed-critical applications, register 24 may be duplicated, and the secret value and the virtual value may be toggled between the pair of registers so that in every clock cycle one of the registers holds a valid secret value. Logic 26 toggles its input between the registers so as to read a valid secret value in each cycle.
Fig. 2 is a block diagram that schematically illustrates a possible implementation of virtual data generator 28, in accordance with an embodiment of the present invention. Whenever a toggle circuit, such as flip-flop 40, is triggered by its clock input (which may be provided, for example, by the falling edge of the "data valid" signal of register 24), it generates an output that changes from 0 to 1 or from 1 to 0. In this case, the virtual value 42 output by generator 28 comprises a succession of alternating bits, with 0 and 1 inserted in succession into all bits of the virtual value. As a result, the probability that any given bit in register 24 will undergo a transition (and thus generate a side-channel signal) each time a secret value is loaded is close to 50%, regardless of the secret value, so that no meaningful data can be extracted by integrated side-channel analysis.
Fig. 3 is a block diagram that schematically illustrates another possible implementation of virtual data generator 28, in accordance with an embodiment of the present invention. Generator 28 includes an inverter 44, so that each bit of the virtual value is the logical complement of the corresponding bit of the secret value. As a result, for each secret value that is input to register 24, the probability that any given bit will undergo a transition that generates a side-channel signal is close to 100%, regardless of the secret value, again making it impossible to extract meaningful data.
Fig. 4 is a block diagram that schematically illustrates yet another possible implementation of virtual data generator 28, in accordance with an embodiment of the present invention. In this case, a random number generator (RNG) 48 supplies bit values to generate virtual value 50. The term "random" should be understood broadly to include both truly random and pseudo-random bit generators. Each bit of virtual value 50 may be supplied with its own individual random value; or alternatively, groups of bits or all of the bits may share the same bit value supplied by RNG 48, with these bit values updated (randomly) each time a new virtual value is output. In any case, the probability that any given bit will undergo a transition that generates a side-channel signal is again close to 50%, regardless of the secret value.
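The following simulation is an added example, not part of the patent text: it models the three virtual data generators of Figs. 2 to 4 and measures the per-bit transition rate between virtual value and secret value, alongside an unprotected register that cycles between a known all-zeros state and the secret. The 8-bit width, the two secrets, the class and function names and the seeded PRNG are assumptions of the example, and only the transitions between virtual value and secret value are counted, as in the description above.

```python
import random

WIDTH = 8  # register width in bits (constructed for this example)


def bits(value, width=WIDTH):
    """Bits of value, least significant first."""
    return [(value >> i) & 1 for i in range(width)]


class AlternatingGenerator:
    """Fig. 2 model: one toggle flip-flop drives every bit of the virtual
    value, so successive values are all-ones, all-zeros, all-ones, ..."""

    def __init__(self, width=WIDTH):
        self.mask = (1 << width) - 1
        self.level = 0

    def next_value(self, secret):
        self.level ^= 1  # the flip-flop toggles once per load
        return self.mask if self.level else 0


class InverseGenerator:
    """Fig. 3 model: an inverter makes each virtual bit the complement of
    the corresponding secret bit."""

    def __init__(self, width=WIDTH):
        self.mask = (1 << width) - 1

    def next_value(self, secret):
        return ~secret & self.mask


class RandomGenerator:
    """Fig. 4 model: every bit gets its own random value. A seeded PRNG
    stands in for the hardware RNG so that the run is reproducible."""

    def __init__(self, width=WIDTH, seed=0):
        self.width = width
        self.rng = random.Random(seed)

    def next_value(self, secret):
        return self.rng.getrandbits(self.width)


def unprotected_rates(known_state, secret, width=WIDTH):
    """No countermeasure: every load is known_state -> secret, so a bit
    toggles on every load or never, depending on the secret."""
    return [float(b) for b in bits(known_state ^ secret, width)]


def masked_rates(generator, secret, loads, width=WIDTH):
    """With the countermeasure: fraction of loads in which each bit toggles
    in the transition between the virtual value and the secret value."""
    counts = [0] * width
    for _ in range(loads):
        virtual = generator.next_value(secret)
        for i, toggled in enumerate(bits(virtual ^ secret, width)):
            counts[i] += toggled
    return [c / loads for c in counts]


def depends_on_secret(rates_a, rates_b, tolerance=0.05):
    """True if some bit's toggle rate differs between the two secrets."""
    return any(abs(a - b) > tolerance for a, b in zip(rates_a, rates_b))


def survey(secret_a=0xA5, secret_b=0x3C, loads=10000):
    """Compare per-bit toggle rates for two constructed secrets."""
    results = {}
    ra = unprotected_rates(0x00, secret_a)
    rb = unprotected_rates(0x00, secret_b)
    results["unprotected"] = (ra, rb, depends_on_secret(ra, rb))
    makers = {
        "alternating": lambda n: AlternatingGenerator(),
        "inverse": lambda n: InverseGenerator(),
        "random": lambda n: RandomGenerator(seed=n),
    }
    for name, make in makers.items():
        ra = masked_rates(make(1), secret_a, loads)
        rb = masked_rates(make(2), secret_b, loads)
        results[name] = (ra, rb, depends_on_secret(ra, rb))
    return results


if __name__ == "__main__":
    for name, (ra, rb, dep) in survey().items():
        print(f"{name:12s} depends_on_secret={dep}")
        print("   0xA5:", [round(r, 2) for r in ra])
        print("   0x3C:", [round(r, 2) for r in rb])
```

The unprotected rate vector follows the secret bit for bit, while each generator gives every bit the same rate for both secrets, which is the property the description requires of the virtual data generator.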
The techniques described above for using virtual data to thwart side-channel attacks may optionally be used in combination with other defensive techniques. For example, the techniques described herein may be combined with the value displacement method described in Patent Application Publication 2011/0083194, with the method for thwarting synchronized side-channel attacks described in PCT Patent Application PCT/IB2011/055117, filed November 16, 2011, and with the other methods described in the references cited above in the Background section.
It will thus be appreciated that the embodiments described above are cited by way of example, and that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention includes both combinations and subcombinations of the various features described hereinabove, as well as variations and modifications thereof which would occur to persons skilled in the art upon reading the foregoing description and which are not disclosed in the prior art.

Claims (12)

1. A data transfer method, comprising:
receiving a control signal that triggers transfer of a secret value to an element of a circuit; and
in response to the control signal, inserting a deterministic, non-constant virtual value and the secret value in succession into the element of the circuit,
wherein inserting the virtual value and the secret value in succession comprises inserting the virtual value into the element and then overwriting the virtual value with the secret value before a register holding the virtual value becomes valid.
2. The method according to claim 1, wherein inserting the virtual value and the secret value in succession comprises inserting the secret value into the element and then overwriting the secret value with the virtual value.
3. The method according to claim 1, comprising asserting a data-valid signal after the secret value has been inserted into the element, wherein the data-valid signal is deasserted while the element holds the virtual value.
4. The method according to claim 2, comprising asserting a data-valid signal after the secret value has been inserted into the element, wherein the data-valid signal is deasserted while the element holds the virtual value.
5. The method according to any one of claims 1 to 4, wherein the virtual value comprises a succession of alternating bits.
6. The method according to any one of claims 1 to 4, wherein the virtual value comprises the inverse of the secret value.
7. An electronic device, comprising:
a secret data source, which is configured to provide a secret value;
a virtual data generator, which is configured to generate a deterministic, non-constant virtual value;
a circuit element, which is configured to receive data values; and
a switching device, which is configured, in response to a control signal that triggers transfer of the secret value to the circuit element, to insert the deterministic, non-constant virtual value from the virtual data generator and the secret value from the secret data source in succession into the circuit element,
wherein the switching device is configured to insert the virtual value into the element and then to overwrite the virtual value with the secret value before a register holding the virtual value becomes valid.
8. The device according to claim 7, wherein the switching device is configured to insert the secret value into the element and then to overwrite the secret value with the virtual value.
9. The device according to claim 7, wherein the circuit element is configured to assert a data-valid signal after the secret value has been inserted into the element, and wherein the circuit element deasserts the data-valid signal while holding the virtual value.
10. The device according to claim 8, wherein the circuit element is configured to assert a data-valid signal after the secret value has been inserted into the element, and wherein the circuit element deasserts the data-valid signal while holding the virtual value.
11. The device according to any one of claims 7 to 10, wherein the virtual value comprises a succession of alternating bits.
12. The device according to any one of claims 7 to 10, wherein the virtual value comprises the inverse of the secret value.
CN201280041506.6A 2011-09-06 2012-08-27 Method and apparatus for preventing data extraction by side-channel attack Expired - Fee Related CN103748826B (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201161573453P 2011-09-06 2011-09-06
US61/573,453 2011-09-06
GB1201484.1A GB2494731B (en) 2011-09-06 2012-01-30 Preventing data extraction by sidechannel attack
GB1201484.1 2012-01-30
PCT/IB2012/054365 WO2013035006A1 (en) 2011-09-06 2012-08-27 Preventing data extraction by side-channel attack

Publications (2)

Publication Number Publication Date
CN103748826A CN103748826A (en) 2014-04-23
CN103748826B true CN103748826B (en) 2016-10-12

Family

ID=45876256

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201280041506.6A Expired - Fee Related CN103748826B (en) 2011-09-06 2012-08-27 Method and apparatus for preventing data extraction by side-channel attack

Country Status (5)

Country Link
US (1) US9135453B2 (en)
EP (1) EP2721763B1 (en)
CN (1) CN103748826B (en)
GB (1) GB2494731B (en)
WO (1) WO2013035006A1 (en)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9703945B2 (en) 2012-09-19 2017-07-11 Winbond Electronics Corporation Secured computing system with asynchronous authentication
KR102028729B1 (en) * 2013-03-11 2019-11-04 삼성전자주식회사 Apparatus and method for non-blocking execution of a static scheduled processor
JP2016517597A (en) * 2013-03-15 2016-06-16 パワー フィンガープリンティング インコーポレイテッド System, method and apparatus for enhancing integrity assessment using a power fingerprinting system in a computer-based system
US9455962B2 (en) 2013-09-22 2016-09-27 Winbond Electronics Corporation Protecting memory interface
US9343162B2 (en) 2013-10-11 2016-05-17 Winbond Electronics Corporation Protection against side-channel attacks on non-volatile memory
EP2884387B1 (en) * 2013-12-13 2016-09-14 Thomson Licensing Efficient modular addition resistant to side-channel attacks
US9318221B2 (en) 2014-04-03 2016-04-19 Winbound Electronics Corporation Memory device with secure test mode
TWI712915B (en) 2014-06-12 2020-12-11 美商密碼研究公司 Methods of executing a cryptographic operation, and computer-readable non-transitory storage medium
IL234956A (en) 2014-10-02 2017-10-31 Kaluzhny Uri Bus protection with improved key entropy
US10015006B2 (en) 2014-11-05 2018-07-03 Georgia Tech Research Corporation Systems and methods for measuring side-channel signals for instruction-level events
US10530566B2 (en) * 2015-04-23 2020-01-07 Cryptography Research, Inc. Configuring a device based on a DPA countermeasure
US9268938B1 (en) 2015-05-22 2016-02-23 Power Fingerprinting Inc. Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection
US10489611B2 (en) * 2015-08-26 2019-11-26 Rambus Inc. Low overhead random pre-charge countermeasure for side-channel attacks
DE102016119750B4 (en) * 2015-10-26 2022-01-13 Infineon Technologies Ag Devices and methods for multi-channel scanning
US10019571B2 (en) 2016-03-13 2018-07-10 Winbond Electronics Corporation Protection from side-channel attacks by varying clock delays
US10395035B2 (en) * 2016-09-27 2019-08-27 Intel Corporation Photon emission attack resistance driver circuits
DE102017206648A1 (en) * 2017-04-20 2018-10-25 Robert Bosch Gmbh Obfuscation through soft computing-based implementation
FR3069993B1 (en) * 2017-08-07 2020-09-18 Maxim Integrated Products DEVICES AND METHODS FOR MASKING RSA ENCRYPTION OPERATIONS
WO2019155693A1 (en) * 2018-02-07 2019-08-15 ソニーセミコンダクタソリューションズ株式会社 Control device and control method
US10826694B2 (en) 2018-04-23 2020-11-03 International Business Machines Corporation Method for leakage-resilient distributed function evaluation with CPU-enclaves
CN109740214B (en) * 2018-12-24 2023-10-13 中国信息通信研究院 Method and device for constructing turnover counting model
US11456855B2 (en) * 2019-10-17 2022-09-27 Arm Limited Obfuscating data at-transit
US11651194B2 (en) 2019-11-27 2023-05-16 Nvidia Corp. Layout parasitics and device parameter prediction using graph neural networks
US11283349B2 (en) * 2020-04-23 2022-03-22 Nvidia Corp. Techniques to improve current regulator capability to protect the secured circuit from power side channel attack
US11507704B2 (en) 2020-04-23 2022-11-22 Nvidia Corp. Current flattening circuit for protection against power side channel attacks
US11599679B2 (en) * 2020-06-23 2023-03-07 Arm Limited Electromagnetic and power noise injection for hardware operation concealment
WO2022029443A1 (en) 2020-08-07 2022-02-10 Pugged Code Limited Method and apparatus for reducing the risk of successful side channel and fault injection attacks
US20220083651A1 (en) * 2020-09-17 2022-03-17 Intel Corporation Protection of authentication tag computation against power and electromagnetic side-channel attacks
CN112148659B (en) * 2020-09-21 2022-02-01 牛芯半导体(深圳)有限公司 Data transmission circuit

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009156881A2 (en) * 2008-06-24 2009-12-30 Nds Limited Security within integrated circuits
CN102110206A (en) * 2010-12-27 2011-06-29 北京握奇数据系统有限公司 Method for defending attack and device with attack defending function

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2885956C (en) * 1998-05-18 2016-07-12 Giesecke & Devrient Gmbh Access-protected data carrier
IL139935A (en) 1998-06-03 2005-06-19 Cryptography Res Inc Des and other cryptographic processes with leak minimization for smartcards and other cryptosystems
JP2000106550A (en) * 1998-09-29 2000-04-11 Fujitsu Ltd Data communication device
US7599491B2 (en) 1999-01-11 2009-10-06 Certicom Corp. Method for strengthening the implementation of ECDSA against power analysis
US7000111B1 (en) 2000-11-07 2006-02-14 Ericsson Inc. Method for masking secret multiplicands
US7185362B2 (en) * 2001-08-20 2007-02-27 Qualcomm, Incorporated Method and apparatus for security in a data processing system
JP3902440B2 (en) * 2001-10-29 2007-04-04 三菱電機株式会社 Cryptographic communication device
DE10310781A1 (en) 2003-03-12 2004-09-30 Infineon Technologies Ag Method for operating a microprocessor and a microprocessor arrangement
DE10324422B4 (en) 2003-05-28 2007-02-08 Infineon Technologies Ag Method and device for mapping an input value to be mapped onto an encrypted mapped output value
US7899190B2 (en) 2004-04-16 2011-03-01 Research In Motion Limited Security countermeasures for power analysis attacks
US7949883B2 (en) 2004-06-08 2011-05-24 Hrl Laboratories, Llc Cryptographic CPU architecture with random instruction masking to thwart differential power analysis
US7496616B2 (en) * 2004-11-12 2009-02-24 International Business Machines Corporation Method, apparatus and system for resistance to side channel attacks on random number generators
US7420862B2 (en) 2006-04-25 2008-09-02 Infineon Technologies Ag Data inversion device and method
US7565492B2 (en) * 2006-08-31 2009-07-21 Intel Corporation Method and apparatus for preventing software side channel attacks
WO2009122464A1 (en) 2008-03-31 2009-10-08 富士通株式会社 Coder equipped with common key code function and built-in equipment
JP2010288233A (en) * 2009-06-15 2010-12-24 Toshiba Corp Encryption processing apparatus

Also Published As

Publication number Publication date
GB2494731B (en) 2013-11-20
CN103748826A (en) 2014-04-23
GB201201484D0 (en) 2012-03-14
GB2494731A (en) 2013-03-20
US20140143883A1 (en) 2014-05-22
EP2721763A1 (en) 2014-04-23
WO2013035006A1 (en) 2013-03-14
EP2721763B1 (en) 2016-11-16
US9135453B2 (en) 2015-09-15

Similar Documents

Publication Publication Date Title
CN103748826B (en) Method and apparatus for preventing data extraction by side-channel attack
Schellenberg et al. Remote inter-chip power analysis side-channel attacks at board-level
Cui et al. Static and dynamic obfuscations of scan data against scan-based side-channel attacks
Mirzargar et al. Physical side-channel attacks and covert communication on FPGAs: A survey
KR20170098731A (en) Method of protecting a circuit against a side-channel analysis
TWI537950B (en) Non-volatile memory devices and methods for non-volatile memory devices
EP1984871A2 (en) Circuit arrangement, data processing device comprising such circuit arrangement as well as method for identifying an attack on such circuit arrangement
US20110258459A1 (en) Method for protecting the decrypting of the configuration files for programmable logic circuits and circuit implementing the method
CN108011706A (en) Data processing equipment and the method for encryption for data
Selmane et al. Security evaluation of application-specific integrated circuits and field programmable gate arrays against setup time violation attacks
US10615959B2 (en) Memory device, host device, and memory system
Mahmoud et al. X-Attack: Remote activation of satisfiability don't-care hardware Trojans on shared FPGAs
Vaghani et al. On securing scan design through test vector encryption
Hussain et al. Packet leak detection on hardware-trojan infected NoCs for MPSoC systems
Al-Anwar et al. Hardware trojan protection for third party IPs
EP3200173B1 (en) Method of protecting electronic circuit against eavesdropping by power analysis and electronic circuit using the same
Rudra et al. Designing stealthy trojans with sequential logic: A stream cipher case study
Jose et al. A memory architecture using linear and nonlinear feedback shift registers for data security
US20140049359A1 (en) Security device and integrated circuit including the same
Hély et al. Malicious key emission via hardware Trojan against encryption system
Jin et al. Hardware trojans in wireless cryptographic integrated circuits
Saxena et al. ISPLock: A hybrid internal state locking method using polymorphic gates
Shao et al. Fast and automatic security test on cryptographic ICs against fault injection attacks based on design for security test
Ahmadi et al. ShapeShifter: Protecting FPGAs from side-channel attacks with isofunctional heterogeneous modules
Zhang et al. Blinding HT: Hiding Hardware Trojan signals traced across multiple sequential levels

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: The Middlesex County

Patentee after: Enders GmbH

Address before: The Middlesex County

Patentee before: NDS Ltd.

TR01 Transfer of patent right

Effective date of registration: 20180821

Address after: The Middlesex County

Patentee after: ACANO (UK) Ltd.

Address before: The Middlesex County

Patentee before: Enders GmbH

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20161012

Termination date: 20210827